Overview

overview

10

Static

static

10

XWorm V5.6.7z

windows11-21h2-x64

7

Resubmissions

28/03/2025, 18:40

250328-xbc4wszva1 10

27/03/2025, 22:53

250327-2vav4a1px4 10

Analysis

  • max time kernel
    29s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27/03/2025, 22:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XWorm V5.6.7z

  • Size

    18.5MB

  • MD5

    ea35b74bbe3cf8de1ddbd5ab10ada9b1

  • SHA1

    6f20dd8865e84581ddfa7d4666bffeb812f2deed

  • SHA256

    7c431981e1962c71f936fc53951982071462f853f53c92dc3d4103ee5e3efe70

  • SHA512

    d9296919eec861a1e8ea72b5d590e8d6092a188208bda0f17ebb52744fbb702391022d25a51bbea041eb4db9f9d8c48ac3a0a2b14c4a5ed792c2914a7b657504

  • SSDEEP

    393216:ACEYC65G+SwHO1JoCzXq5i+dDmpu06beWxEkNgwTZDZerBjkDGp5:6YC65G1wHezB+Ypt6beWES6rBjkDGp5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.7z"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Users\Admin\AppData\Local\Temp\7zO812282A7\Xworm V5.6.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO812282A7\Xworm V5.6.exe"
      2⤵
      • Executes dropped EXE
      PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zO812282A7\Xworm V5.6.exe
    Filesize

    14.9MB

    MD5

    56ccb739926a725e78a7acf9af52c4bb

    SHA1

    5b01b90137871c3c8f0d04f510c4d56b23932cbc

    SHA256

    90f58865f265722ab007abb25074b3fc4916e927402552c6be17ef9afac96405

    SHA512

    2fee662bc4a1a36ce7328b23f991fa4a383b628839e403d6eb6a9533084b17699a6c939509867a86e803aafef2f9def98fa9305b576dad754aa7f599920c19a1

    Download Submit

  • memory/1180-12-0x00007FFBF5963000-0x00007FFBF5965000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1180-13-0x00000243E4C80000-0x00000243E5B68000-memory.dmp

    Filesize

    14.9MB

    Download

  • memory/1180-14-0x00007FFBF5960000-0x00007FFBF6422000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1180-15-0x00007FFBF5960000-0x00007FFBF6422000-memory.dmp

    Filesize

    10.8MB

    Download